Splunk Search

Discussions

Thread Info

Multivalue Chart

I have to write a time chart in a day how many different event value happened. [- logToABTest() response ABTestLog...

by Engager in

Problems filtering results using lookup field

I have an automatic lookup that works ok but when I try to filter results by selecting a field that comes from the lo...

by Path Finder in

How to write regex for field extraction to match two log entries?

Folks, I have the following REGEX: (?:[^:\n]*:){4}\d+\.\d+\w+,(?P<ComponentName>[^,]+),(?P<EventCode>[^,]+),(?P<Me...

by Explorer in

How to add the results of a chart?

source=XXXXX | lookup customer_journey.csv "Page Name" as "Page Name" output "Customer Journey Name" as Transaction "...

by Explorer in

Can I insert or update a table from a search in Splunk with DB Connect?

Can I INSERT or UPDATE a table from a search in Splunk with DB Connect?

by Communicator in

How to show XX lines per sourcetype per host

Hi, I want to look at the format for a number of hosts that are using the same sourcetype (I suspect that the form...

by Champion in

ODBC - How to pass parameter to a Saved Search Query

Is there a way to pass parameter to a saved search from an ODBC connection in Excel? (since only saved searches ca...

by Explorer in

How to write regex to extract my fields at search-time?

Hi, I have these entries in the log. I am trying to extract fields FINISHED and ERROR_RUNNING for this. But I am abl...

by Path Finder in

Tabled _time - Find differences between each event

I have a tabled results of _time. Each one is an event and I want to find a difference for each event and have the va...

by Builder in

Epoch Search String Multiply

Hello! Can anyone please help me with this Search-String? I have an Epoch Data inside my query like this: **ind...

by Contributor in

How to search the number of distinct users by index over the past 3 months?

I am in need of a search that will display the number of Distinct users by index over the past 3 months. I have creat...

by Explorer in

Is there a function to get the week day from any given epoch time?

I know how to get the week day from raw events, the week day is stored in the field date_wday. However, I wonder if t...

by Communicator in

Searching on consecutive lines

My logs output two consecutive lines in the case of a connection timeout: ... CONNECTION-x.x.x.x:y: connect() time...

by New Member in

Why are graphs not representative of counts from my search? How to join main and subsearch to compare results?

I have the main search returning results appropriately in the "Events" tab however, visualization returns incorrect g...

by Contributor in

Is there a way to reverse comparison order of week over week results using timewrap?

I am using timewrap to return week over week results. I need to be able to change the order of comparison from week1,...

by Engager in

Is it possible to have a search string so long that it can't be parsed in Splunk 6.0 or higher?

Is this still a possibility with Splunk 6.0 and higher? "The search process can't parse the search string. In the ...

by Splunk Employee in

Eval usage limit?

Is there a limit to the number of eval functions that can be used in a single search? It appears that using more than...

by Builder in

Minimum free disk space reached for /opt/splunk/var/run/dispatch

I am receiving the following message in Splunk 6.01 "Minimum free disk space reached (5000MB) for /opt/splunk/var/run...

by Explorer in

Merge fields and magic happens

Looking for a simple approach to combine two fields into one. Ref: ES / Audit / Incident Review Audit There is ...

by Engager in

Why does a join of a search and subsearch on _time with matching values fail?

I tried to join a search and subsearch on _time with the join command, but this failed, even though the resulting tim...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multivalue Chart

Problems filtering results using lookup field

How to write regex for field extraction to match two log entries?

How to add the results of a chart?

Can I insert or update a table from a search in Splunk with DB Connect?

How to show XX lines per sourcetype per host

ODBC - How to pass parameter to a Saved Search Query

How to write regex to extract my fields at search-time?

Tabled _time - Find differences between each event

Epoch Search String Multiply

How to search the number of distinct users by index over the past 3 months?

Is there a function to get the week day from any given epoch time?

Searching on consecutive lines

Why are graphs not representative of counts from my search? How to join main and subsearch to compare results?

Is there a way to reverse comparison order of week over week results using timewrap?

Is it possible to have a search string so long that it can't be parsed in Splunk 6.0 or higher?

Eval usage limit?

Minimum free disk space reached for /opt/splunk/var/run/dispatch

Merge fields and magic happens

Why does a join of a search and subsearch on _time with matching values fail?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...